cfd7a8329e65a7839aac8c11206ba7dd_JaffaCakes118

General

Target

cfd7a8329e65a7839aac8c11206ba7dd_JaffaCakes118
Size

144KB
MD5

cfd7a8329e65a7839aac8c11206ba7dd
SHA1

1944386b56e001141f4c3ca6a6ebf333dacfa3c4
SHA256

5b547ff2eeccf84af0a10f55fb3a066b88fe88be92fb38be26d6457fe9da2020
SHA512

417ea3d0dfaf18cd1b84bb183262b428d3655d48deef35a45f344a614e164d6a5463016f94c178143e5223a0cc6a203aa5694fe584d423c3a5bda3cc2fd093db
SSDEEP

3072:E7cbj5CM2xb8/cc0I3/7CLcZ5aKvWzxYKxDFIjJFHuOKsChn:Xb9kxuBNPu4Z5DyLDFIj7uqC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfd7a8329e65a7839aac8c11206ba7dd_JaffaCakes118

Files

cfd7a8329e65a7839aac8c11206ba7dd_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c51abf5a3f72bb5e5209134411559208

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

perfdisk.pdb

Imports

msvcrt

wcsncmp
memmove
_ftol
_wtol
swprintf
_ltow
wcscpy
wcscmp
wcsstr
towupper
_except_handler3

ntdll

NtQuerySystemInformation
NtClose
RtlNtStatusToDosError
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenFile
NtQueryVolumeInformationFile
NtDeviceIoControlFile
RtlInitUnicodeString
NtQueryValueKey
NtOpenKey

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
VirtualAlloc
CreateFileW
GetLastError
DeviceIoControl
SetLastError
QueryPerformanceFrequency
HeapAlloc
lstrlenW
HeapCreate
HeapReAlloc
HeapFree
HeapValidate
HeapDestroy
VirtualProtect
lstrcpyW
lstrcmpW
lstrcmpiW
GetSystemTimeAsFileTime
CloseHandle
SetErrorMode

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventA
WmiCloseBlock
WmiQueryAllDataW
WmiOpenBlock
ReportEventW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

Exports

Exports

ServiceMain
CollectDiskObjectData
OpenDiskObject

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c51abf5a3f72bb5e5209134411559208

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

advapi32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 121KB - Virtual size: 120KB

.reloc Size: 1024B - Virtual size: 944B

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 121KB - Virtual size: 120KB

.reloc
Size: 1024B - Virtual size: 944B